[FW-1] vpn/securemote question.
I've been racking my brains for a few hours on a rulebase to do this and I can't get it to work.

2 sites running NG FP3 hf2+ssl, vpn set up between the 2 of them using a community and limited traffic flowing between the 2 of them. I have some securemote users off site A who access exchange & a few other things as they roam. Some of that traffic is not allowed in the VPN between site A & site B as it would saturate the link between them, however I want any of my securemote users to be able to roam onto the B network and access the services they would normally access via securemote from there.

I thought it'd be a case that Securemote authenticates to the firewall at site A and establishes a tunnel to it (have allowed that in the rulebase on B), however in the fw log on site A I get "Encryption failure: Different community ID, possible NAT problem (VPN Error code 02)" on the ike rule.

The NAT rules that apply are:

allinternalnets to allinternalnets = original to original
net A to any = FW A(hide) to original
net B to any = FW B(hide) to original

Anybody got any ideas where it's going wrong or a better way of doing it?

Uly